SHAREit's maror security flaws are still unresolved by its developers, which could lead to massive user data leaks. Why? Because the popular file-sharing app is downloaded by billions of people across the globe.
PALO ALTO, CA - APRIL 28: A customer looks at a white and a black iPhone 4 at the Apple store April 28, 2011 in Palo Alto, California. The long awaited white iPhone, first announced in June of 2010, went on sale worldwide for the first time today.
According to ZDNet's latest report, the app's developer failed to fix SHAREit's security bugs for more than three months now, which is a really serious matter as more than one billion users could be affected by the unpatched vulnerabilities.
Security experts explained that hackers can exploit these security bugs and other flaws to run malicious code on users' smartphones. Echo Duan, a mobile threat analyst for security firm Trend Micro, explained that the root cause of SHAREit's security bugs is the lack of proper restrictions on who can access the popular app's code.
How serious is SHAREit's security flaw?
Trend Micro's security expert said that the hackers, who perform a person-in-the-middle network attack, can send malicious commands to the popular file-sharing application and take over its features to run custom code. Cybercriminals can also overwrite apple's local files and install third-party apps without the user's knowledge.
Deni (L), plays Pokemon Go game on his smartphone on July 24, 2016 in Yogyakarta, Indonesia. "Pokemon Go," which uses Google Maps and a smartphone has been a smash-hit in countries where it is available and already popular in Indonesia even though it has not been officially released. Indonesians have been downloading the game by using a proxy location which gives them access to app stores of other countries as security officials have voiced worries that the game could pose a security threat.
Because of its unpatched security bugs, SHAREit can also be affected by malicious or other infected apps that are running on the user's smartphone. On the other hand, these vulnerabilities also make the app a target of the so-called Man-in-the-Disk attacks, which is a type of vulnerability that was first discovered by Check Point 2018 back in 2018.
This security flaw circulates the insecure storage of the sensitive app resources in a location of the phone's storage space, which is shared with other platforms. The sensitive app resources can either be edited, replaced, or deleted by many malicious cyber attackers.
"We reported these vulnerabilities to the vendor, who has not responded yet," said Duan via ZDNet.
"We decided to disclose our research three months after reporting this since many users might be affected by this attack because the attacker can steal sensitive data," he added.
On the other hand, he contacted a SHAREit spokesperson via email to coordinate regarding the app's unpatched vulnerabilities. However, the anonymous spokesperson declined to make any statement regarding the current issue.
Alternative apps for SHAREit
If you are one of those users who are worried about the safety of their files and personal information, here are the best SHAREit alternatives you can use. Tech Viral listed the ten best alternative applications you can try;
- FEEM
- Superbeam
- Files Go
- inShare
- JioSwitch
- Portal - WiFi File Transfers
- Easy Share
- TeamViewer for Remote Control
- Zapya
- AirDroid
For more news updates about SHAREit's vulnerabilities and other app issues, always keep your tabs open here at TechTimes.
Related Article: MacOS Telegram Second Vulnerability Flaw Found After Version 7.4 Update
This article is owned by TechTimes.
Written by: Giuliano de Leon.
